Unknown error using opensnoop
I'm using Kali 1.0.9a and trying to use opensnoop. I get an error stating "events/syscalls/sys_exit_open/enable". Wondering which of the prerequisites I'm missing.
$ sudo ./opensnoop
Password:
Tracing open()s. Ctrl-C to end.
./opensnoop: line 179: events/syscalls/sys_exit_open/enable: No such file or directory
ERROR: enabling open() exit tracepoint. Exiting.
if ! echo 1 > events/syscalls/sys_exit_open/enable; then
Not sure how this ever worked...?!
Is FTRACE enabled in your kernel?
CONFIG_FTRACE_SYSCALLS may be necessary. That's disabled on my system and I get this error. I'll rebuild my kernel with it enabled and see what happens.
Edit: Yes, enabling CONFIG_FTRACE_SYSCALLS (and CONFIG_FUNCTION_PROFILER, though it probably wasn't necessary) solved the problem.
It appears CONFIG_FTRACE_SYSCALLS wasn't enabled in my kernel (though the waters are a bit muddy - the repo containing the config was reorganized a few times).
I'll try to find time to try again.
Not sure how this ever worked...?!
I think I was referring to the relative path. Seems I hadn't noticed the cd /sys/... command. :flushed:
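A prerequisite check for the failure diagnosed in this thread, added here as an example (it is not part of opensnoop and was not posted by anyone in the thread). It reports whether CONFIG_FTRACE_SYSCALLS is set and whether the `events/syscalls/sys_exit_open/enable` file exists. The config locations (`/boot/config-<release>`, `/proc/config.gz`) and tracing mount points (`/sys/kernel/tracing`, `/sys/kernel/debug/tracing`) are assumptions about a typical system, and the function names are hypothetical.

```shell
#!/bin/bash
# Added example: prerequisite check for syscall tracepoints (not part of opensnoop).
# Assumed locations: /boot/config-<release>, /proc/config.gz,
# /sys/kernel/tracing and /sys/kernel/debug/tracing.

# Return 0 if OPTION=y appears in kernel config FILE (plain text or .gz).
config_has_option() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac | grep -q "^$2=y\$"
}

# Print the first tracing directory under ROOT that has an events/ subtree.
find_tracing_dir() {
    local d
    for d in "$1/sys/kernel/tracing" "$1/sys/kernel/debug/tracing"; do
        if [ -d "$d/events" ]; then echo "$d"; return 0; fi
    done
    return 1
}

# check_prereqs [ROOT] [RELEASE]: report both prerequisites; return 1 if one is missing.
check_prereqs() {
    local root release cfg tdir rc=0 seen=0
    root=${1:-}
    release=${2:-$(uname -r)}
    for cfg in "$root/boot/config-$release" "$root/proc/config.gz"; do
        [ -r "$cfg" ] || continue
        seen=1
        if config_has_option "$cfg" CONFIG_FTRACE_SYSCALLS; then
            echo "OK: CONFIG_FTRACE_SYSCALLS=y in $cfg"
        else
            echo "MISSING: CONFIG_FTRACE_SYSCALLS is not =y in $cfg"; rc=1
        fi
        break
    done
    [ "$seen" = 1 ] || echo "UNKNOWN: no readable kernel config found"
    if tdir=$(find_tracing_dir "$root"); then
        if [ -e "$tdir/events/syscalls/sys_exit_open/enable" ]; then
            echo "OK: $tdir/events/syscalls/sys_exit_open/enable exists"
        else
            echo "MISSING: $tdir/events/syscalls/sys_exit_open/enable"; rc=1
        fi
    else
        echo "MISSING: tracing directory (debugfs/tracefs not mounted?)"; rc=1
    fi
    return $rc
}

if [ "${1:-}" = "--check" ]; then check_prereqs; exit $?; fi
```

Run it with `--check` as root on the affected machine; the optional ROOT argument to `check_prereqs` lets the same check run against a mounted image or a test directory.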